Commit cbf25263 by Tim Babych Committed by Oleg Marshev

enable more

parent 5fd3ff8c
...@@ -71,6 +71,10 @@ class BaseAnnotationViewTests(APITestCase): ...@@ -71,6 +71,10 @@ class BaseAnnotationViewTests(APITestCase):
es.indices.refresh() es.indices.refresh()
@classmethod @classmethod
def setUpClass(cls):
es.indices.create(index=settings.ES_INDEXES['default'], ignore=400)
@classmethod
def tearDownClass(cls): def tearDownClass(cls):
""" """
* deletes the test index * deletes the test index
...@@ -344,92 +348,92 @@ class AnnotationViewTests(BaseAnnotationViewTests): ...@@ -344,92 +348,92 @@ class AnnotationViewTests(BaseAnnotationViewTests):
self.assertEqual(len(response.data), 5, "five annotations should be returned in response") self.assertEqual(len(response.data), 5, "five annotations should be returned in response")
# @patch('django.conf.settings.DISABLE_TOKEN_CHECK', True) @patch('django.conf.settings.DISABLE_TOKEN_CHECK', True)
# class AllowAllAnnotationViewTests(BaseAnnotationViewTests): class AllowAllAnnotationViewTests(BaseAnnotationViewTests):
# """ """
# Test annotator behavior when authorization is not enforced Test annotator behavior when authorization is not enforced
# """ """
# def test_create_no_payload(self): def test_create_no_payload(self):
# """ """
# Test if no payload is sent when creating a note. Test if no payload is sent when creating a note.
# """ """
# url = reverse('api:v1:annotations') url = reverse('api:v1:annotations')
# response = self.client.post(url, {}, format='json') response = self.client.post(url, {}, format='json')
# self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# class TokenTests(BaseAnnotationViewTests):
# """
# Test token interactions
# """
# url = reverse('api:v1:annotations')
# token_data = {
# 'aud': settings.CLIENT_ID,
# 'sub': TEST_USER,
# 'iat': timegm(datetime.utcnow().utctimetuple()),
# 'exp': timegm((datetime.utcnow() + timedelta(seconds=300)).utctimetuple()),
# }
# def _assert_403(self, token):
# """
# Asserts that request with this token will fail
# """
# self.client.credentials(HTTP_X_ANNOTATOR_AUTH_TOKEN=token)
# response = self.client.get(self.url, self.headers)
# self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# def test_200(self):
# """
# Ensure we can read list of annotations
# """
# response = self.client.get(self.url, self.headers)
# self.assertEqual(response.status_code, status.HTTP_200_OK)
# def test_no_token(self): class TokenTests(BaseAnnotationViewTests):
# """ """
# 403 when no token is provided Test token interactions
# """ """
# self.client._credentials = {} url = reverse('api:v1:annotations')
# response = self.client.get(self.url, self.headers) token_data = {
# self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) 'aud': settings.CLIENT_ID,
'sub': TEST_USER,
'iat': timegm(datetime.utcnow().utctimetuple()),
'exp': timegm((datetime.utcnow() + timedelta(seconds=300)).utctimetuple()),
}
def _assert_403(self, token):
"""
Asserts that request with this token will fail
"""
self.client.credentials(HTTP_X_ANNOTATOR_AUTH_TOKEN=token)
response = self.client.get(self.url, self.headers)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# def test_malformed_token(self): def test_200(self):
# """ """
# 403 when token can not be decoded Ensure we can read list of annotations
# """ """
# self._assert_403("kuku") response = self.client.get(self.url, self.headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# def test_expired_token(self): def test_no_token(self):
# """ """
# 403 when token is expired 403 when no token is provided
# """ """
# token = self.token_data.copy() self.client._credentials = {}
# token['exp'] = 1 response = self.client.get(self.url, self.headers)
# token = jwt.encode(token, settings.CLIENT_SECRET) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# self._assert_403(token)
# def test_wrong_issuer(self): def test_malformed_token(self):
# """ """
# 403 when token's issuer is wrong 403 when token can not be decoded
# """ """
# token = self.token_data.copy() self._assert_403("kuku")
# token['aud'] = 'not Edx-notes'
# token = jwt.encode(token, settings.CLIENT_SECRET)
# self._assert_403(token)
# def test_wrong_user(self): def test_expired_token(self):
# """ """
# 403 when token's user is wrong 403 when token is expired
# """ """
# token = self.token_data.copy() token = self.token_data.copy()
# token['sub'] = 'joe' token['exp'] = 1
# token = jwt.encode(token, settings.CLIENT_SECRET) token = jwt.encode(token, settings.CLIENT_SECRET)
# self._assert_403(token) self._assert_403(token)
# def test_wrong_secret(self): def test_wrong_issuer(self):
# """ """
# 403 when token is signed by wrong secret 403 when token's issuer is wrong
# """ """
# token = jwt.encode(self.token_data, "some secret") token = self.token_data.copy()
# self._assert_403(token) token['aud'] = 'not Edx-notes'
token = jwt.encode(token, settings.CLIENT_SECRET)
self._assert_403(token)
def test_wrong_user(self):
"""
403 when token's user is wrong
"""
token = self.token_data.copy()
token['sub'] = 'joe'
token = jwt.encode(token, settings.CLIENT_SECRET)
self._assert_403(token)
def test_wrong_secret(self):
"""
403 when token is signed by wrong secret
"""
token = jwt.encode(self.token_data, "some secret")
self._assert_403(token)
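Review bot: The negative cases in `TokenTests` can pass for the wrong reason, because `token_data` is a class attribute whose `iat` and `exp` are computed once when the class body runs at import, and every rejection is asserted only as a 403. If more than 300 seconds pass between import and execution, `test_wrong_issuer`, `test_wrong_user` and `test_wrong_secret` would presumably be rejected for expiry rather than for the claim each one alters, so a regression in the audience, subject or signature check could go unnoticed. Building the claims per test (in `setUp` or a small helper method) keeps the timestamps fresh, and asserting on the error detail, if the view returns one, would pin the rejection reason. Separately, `test_wrong_issuer` changes `aud`, which is the audience claim, so the name `test_wrong_audience` with the docstring `403 when token's audience is wrong` would describe it accurately.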